diTii.com - All About Techology : features Latest News and Informtion About Technology

Menu

XBLA Accounts Were Compromised

Last week, MS denied reports that Xbox Live accounts or here had been compromised, putting ID thefts down to 'phishing' and denying security breaches at Bungie.net / Xbox Live - MS have this week conceded that more was and is afoot than users simply giving away their details to dodgy emails and websites. MS this week concedes that there […]

Last week, MS denied reports that Xbox Live accounts or here had been compromised, putting ID thefts down to 'phishing' and denying security breaches at Bungie.net / Xbox Live - MS have this week conceded that more was and is afoot than users simply giving away their details to dodgy emails and websites.

MS this week concedes that there is more of a concerted effort going on by fraudsters to dupe MS and their partners into giving away personal details (which can give the criminals access to a user's Microsoft Points, which can then be spent). 'Pretexting' is apparently the technique the nefarious criminals have been using, described by Wikipedia thusly:

Pretexting is the act of creating and using an invented scenario (the pretext) to persuade a target to release information or perform an action and is usually done over the telephone. It's more than a simple lie as it most often involves some prior research or set up and the use of pieces of known information (e.g., for impersonation: date of birth, Social Security Number, last bill amount) to establish legitimacy in the mind of the target.

This technique is often used to trick a business into disclosing customer information, and is used by private investigators to obtain telephone records, utility records, banking records and other information directly from junior company service representatives. The information can then be used to establish even greater legitimacy under tougher questioning with a manager (e.g., to make account changes, get specific balances, etc).

Xbox Live director Larry Hryb became aware of the problem via security researcher Kevin Finisterre who realised that much of the security compromises had occurred through the MS support centre. "There's no other way to say it; this situation shouldn't have happened. Our customers deserve better. The Xbox team takes what happened and the resolution of it very seriously," Hryb apologised, stating that staff would be re-trained and policies altered to counter this threat.

Post navigation

Deepak Gupta is a IT & Web Consultant. He is the founder and CEO of diTii.com & DIT Technologies, where he's engaged in providing Technology Consultancy, Design and Development of Desktop, Web and Mobile applications using various tools and softwares. Sign-up for the Email for daily updates. Google+ Profile.